<p>While most crypto hacks are caused by lone wolves, Monday's $190 million exploit of the Nomad cross-bridge appears to have been driven by a feeding frenzy of hundreds of bad actors. </p> <p><span style="font-weight: 400;">Nomad’s cross-chain bridge was hacked for <a href="https://www.theblock.co/post/160731/nomad-cross-chain-crypto-bridge-suffers-possible-exploit">$190 million</a> in various crypto assets yesterday after a software update exposed a critical vulnerability that allowed anyone to drain funds from the bridge. </span></p> <p><span style="font-weight: 400;">The vulnerability was initially discovered on Monday by an unknown hacker who quickly stole nearly <a href="https://twitter.com/peckshield/status/1554307210930704384">$95 million</a>, blockchain security firm PeckShield told The Block today. As the news of the initial exploit spread in crypto circles, others rushed to join the original hacker to take money for themselves. </span></p> <p><span style="font-weight: 400;">PeckShield told The Block that more than 300 addresses had taken funds from Nomad over the course of an hour. </span><span style="font-weight: 400;">The firm estimated that 41 of them took $152 million, equivalent to 80% of the stolen funds from Nomad’s cross-chain bridge.</span></p> <p><span style="font-weight: 400;">However, not all of them were bad actors. PeckShield’s <a href="https://twitter.com/PeckShieldAlert/status/1554350737957998592">analysis</a> found at least six addresses that were white hackers, a name given to ethical hackers, who grabbed about $8.2 million from the bridge. They are expected to return the funds.</span></p> <p><span style="font-weight: 400;">Nomad is a cross-chain bridge, a tool that lets users move ERC-20 tokens among Ethereum, Moonbeam, <a href="https://www.theblock.co/post/143771/evmos-launches-blockchain-to-bring-ethereum-virtual-machine-to-cosmos">Evmos</a> and Avalanche. It is one of the several bridge services available in the crypto space.</span></p> <h2>What went wrong</h2> <p><span style="font-weight: 400;">According to PeckShield, the vulnerability was introduced by Nomad developers during a smart contract update. The bug came from the developers erroneously modifying the bridge’s smart contract and deploying the code without proper audit.</span></p> <p><span style="font-weight: 400;">"The Nomad bridge hack is made possible due to an improper initialization leading to the zero address (0x00) being marked as a trusted root, which led to every message being proven valid by default,” PeckShield said. </span></p> <p><span style="font-weight: 400;">Marking </span><a href="https://etherscan.io/address/0x0000000000000000000000000000000000000000" rel="nofollow noreferrer">0x00</a> (also called as the <em>zero address</em>) the trusted root accidentally <span style="font-weight: 400;">turned off a smart contract check that ensured withdrawals were made to valid addresses only. </span></p> <p><span style="font-weight: 400;">After the vulnerability was introduced in Nomad's code, withdrawal requests from any address were considered as valid by default. This meant that anyone could withdraw funds from the bridge if they wanted.</span></p> <p><span style="font-weight: 400;">The exploit didn't require advanced technical knowledge of smart contracts. </span><span style="font-weight: 400;">All one had to do was simply edit the hacker's transaction with Etherscan, replace the destination address with their own address and make the withdrawal request on the Nomad bridge. </span></p><br /><span class="copyright"><p>© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.</p> </span>